Forbes Asks Readers To Disable Adblock, Serves Up Malvertising (engadget.com)
Deathlizard writes with a report at Engadget that when this year's "Forbes 30 Under 30" list came out, "it featured a prominent security researcher. Other researchers were pleased to see one of their own getting positive attention, and visited the site in droves to view the list. On arrival, like a growing number of websites, Forbes asked readers to turn off ad blockers in order to view the article. After doing so, visitors were immediately served with pop-under malware, primed to infect their computers, and likely silently steal passwords, personal data and banking information."
I hate the DMCA as much as the next guy but there's no DRM involved in blocking ads. Now, if you told people how to get around a paywall (even a trivial one) then you'd have a point.
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
I'll accept content from the domain that's in my address bar, and that's it. If somebody wants to show me ads, it's going to have to be from their own domain.
I don't respond to AC's.
I've rarely seen a website so encumbered with shit, like Forbes'. Not only should one not stop using ad-blockers when visiting them, one should simply never visit Forbes at all. Add it to the list of blocked sites.
"The agriculture ministry is not in charge of Gundam" - Japanese ministry official.
Note that browser makers Google, Microsoft, and Apple have continually pushed for DRM to become part of web standards.
And that they obtained considerable financial influence over the browser maker thought most likely to resist (Mozilla).
And that Mozilla gave in on DRM and continues to make inexplicable blunders and lose market share.
After such a relentless campaign to ensure all available browsers contain DRM, I wouldn't be at all surprised to see DRM used to protect ads, particularly in video. Stopping you from reading/recording a video stream necessarily stops you from altering it.
Damn, am I ever so happy (as always) that the proven tech leader was ousted as Mozilla's CEO in favor of the former head of marketing.
Interesting claims. Visitors were "immediately served with pop-under malware", although there is only one citation given, which is a link to a picture (presumably a screenshot) on @bbaskin's private Twitter account, which can only be seen by a "confirmed follower". Uh, okay. Nonetheless, this malware was "primed" to infect their computers and "likely" to do a lot of horrible stuff. Having run out of conjectures (let alone facts) about Forbes by the third paragraph, the rest of the article is padded out by a list of past incidents involving DailyMotion and MSN, followed by some bloviating which even Bennett Haselton might be ashamed of.
I'm totally sure that this isn't just attention-whoring from a litigious sex columnist who, after publishing The Adventurous Couple's Guide to Strap-On Sex and her second edition of The Ultimate Guide to Cunnilingus, apparently ran out of ideas and re-styled herself a computer security journalist.
Yes, I know malware is served through advertising, but this article is about a specific claim of Forbes being used as an injection vector with literally nothing backing it up. Also, let me note that there's nothing wrong with being a sex columnist. I just don't think that automatically means you should write about computer security.
"They were pure niggers." – Noam Chomsky
> Then what means of deploying an application across platforms isn't fundamentally broken?
The part where you deploy an application. That part is broken.
Did you follow the link to your spreadsheet? Or was it to a news article? There's an application you have for "display a news article". It's a browser running HTML with no scripting enabled. That displays text just fine- it's the only fucking purpose.
The reason scripts are FUNDAMENTALLY broken is that they are code. The fact that they are code that is treated by browsers as if they are just part of the browsing experience is ludicrous. If you want to use like Google Docs, that's a pretty good time to need code, so if you click through some script-enable dialogs, or honestly even a UAC in Windows for that, that could be reasonable. If the majority of browsers in the world just download and execute code, you are asking for exactly the security shitstorm we constantly and ceaselessly see. Running JavaScript is AS RISKY as running raw opcodes, because at any given day since JavaScript's release, there have been multiple exploits to turn the JavaScript straight into those opcodes. The fact that the world is full of fools who think you need a webapp to display a news story is hideous.
It's US Criminal Code, Section 2701. This law is closely tied to the European Directive 2001/29/EC. Please review it, not with the understanding of a reasonable person, but with the approach of a lawyer for whom the details of the law are critical, and their client's interests paramount over reason.
(a)Offense.—Except as provided in subsection (c) of this section whoever—
and thereby obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this section.
In other words, if something is preventing you from accessing content, bypassing it is a violation. Blocking ads itself isn't a violation, but blocking something that hides content unless you turn off ad blocking is.